Peter Karlsson wrote:
> Is this a general security discussion list or a gentoo security updates
> list? Shouldn't there be lots of discussions regarding firewall filter
> rules, IDS, SELinux, etc?
>
> Just for the sake of it? ;-)
It's a general Gentoo security discussion list.
Gentoo-related vulnerabilities are submitted to Bugzilla
(Product=GentooSecurity / Component=Vulnerabilities) and GLSAs are
posted to gentoo-announce, so it's not the best place to discuss
security updates, vulnerabilities or GLSA errors (which should be in
Bugzilla Gentoo Security / Component="GLSA Errors").
We discuss major security policy changes here, and also have discussions
on the general subject of Gentoo and Security (like the use of MD5 only
in portage, or the lack of tree signing). You can post general security
subjects here but you might find the list a little quiet for this and
prefer to post to another list with wider audience (like the
securityfocus ones).
It's true this list may have a too narrow purpose, especially with the
existence of the gentoo-hardened and gentoo-server lists which overlap
parts of it...
--
Thierry Carrez (Koon)
Operational Manager, Gentoo Linux Security
> Is this a general security discussion list or a gentoo security updates
> list? Shouldn't there be lots of discussions regarding firewall filter
> rules, IDS, SELinux, etc?
>
> Just for the sake of it? ;-)
It's a general Gentoo security discussion list.
Gentoo-related vulnerabilities are submitted to Bugzilla
(Product=GentooSecurity / Component=Vulnerabilities) and GLSAs are
posted to gentoo-announce, so it's not the best place to discuss
security updates, vulnerabilities or GLSA errors (which should be in
Bugzilla Gentoo Security / Component="GLSA Errors").
We discuss major security policy changes here, and also have discussions
on the general subject of Gentoo and Security (like the use of MD5 only
in portage, or the lack of tree signing). You can post general security
subjects here but you might find the list a little quiet for this and
prefer to post to another list with wider audience (like the
securityfocus ones).
It's true this list may have a too narrow purpose, especially with the
existence of the gentoo-hardened and gentoo-server lists which overlap
parts of it...
--
Thierry Carrez (Koon)
Operational Manager, Gentoo Linux Security